* limitations under the License.
*/
+#include <assert.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include "ResponseCode.h"
#include "cryptfs.h"
#include "Ext4Crypt.h"
+#include "MetadataCrypt.h"
#include "Utils.h"
#define DUMP_ARGS 0
dumpArgs(argc, argv, -1);
rc = cryptfs_crypto_complete();
} else if (subcommand == "enablecrypto") {
+ if (e4crypt_is_native()) {
+ if (argc != 5 || strcmp(argv[2], "inplace") || strcmp(argv[3], "default")
+ || strcmp(argv[4], "noui")) {
+ cli->sendMsg(ResponseCode::CommandSyntaxError,
+ "Usage with ext4crypt: cryptfs enablecrypto inplace default noui", false);
+ return 0;
+ }
+ return sendGenericOkFailOnBool(cli, e4crypt_enable_crypto());
+ }
const char* syntax = "Usage: cryptfs enablecrypto <wipe|inplace> "
"default|password|pin|pattern [passwd] [noui]";
} else if (subcommand == "enablefilecrypto") {
if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
dumpArgs(argc, argv, -1);
- rc = cryptfs_enable_file();
+ rc = e4crypt_initialize_global_de();
} else if (subcommand == "changepw") {
const char* syntax = "Usage: cryptfs changepw "
"default|password|pin|pattern [newpasswd]";
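Review bot: In the `enablefilecrypto` branch the result of `e4crypt_initialize_global_de()` is stored straight into `rc`, while every other `e4crypt_*` call in this diff goes through `sendGenericOkFailOnBool`. If the function returns `bool` (its declaration is not in this hunk), success would surface as `rc == 1` and failure as `0`, which is probably the reverse of what a caller reading an integer status expects. Consider `return sendGenericOkFailOnBool(cli, e4crypt_initialize_global_de());`, or if `rc` has to stay, an explicit mapping such as `rc = e4crypt_initialize_global_de() ? 0 : -1;`. The enclosing command handler starts and ends outside the hunk, so the way `rc` is reported back is not visible here.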
SLOGD("cryptfs mountdefaultencrypted");
dumpArgs(argc, argv, -1);
+ if (e4crypt_is_native()) {
+ return sendGenericOkFailOnBool(cli, e4crypt_mount_metadata_encrypted());
+ }
// Spawn as thread so init can issue commands back to vold without
// causing deadlock, usually as a result of prep_data_fs.
std::thread(&cryptfs_mount_default_encrypted).detach();
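Review bot: The native branch calls `e4crypt_mount_metadata_encrypted()` inline on the command thread, yet the comment directly below says the legacy mount is spawned as a thread so init can issue commands back to vold without deadlock. Nothing in the hunk explains why that concern does not apply to the native path; if the metadata mount can cause init to call back into vold, this `return` would block in the same way. I would either run it detached like the legacy call, or state the assumption above the new `if`, for example `// Runs inline: unlike the legacy path below, this must not cause init to call back into vold.` The surrounding handler begins and ends outside the hunk.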
if (!check_argc(cli, subcommand, argc, 3, "<user>")) return 0;
return sendGenericOkFailOnBool(cli, e4crypt_destroy_user_key(atoi(argv[2])));
- } else if (subcommand == "change_user_key") {
- if (!check_argc(cli, subcommand, argc, 7,
- "<user> <serial> <token> <old_secret> <new_secret>")) return 0;
- return sendGenericOkFailOnBool(cli, e4crypt_change_user_key(
- atoi(argv[2]), atoi(argv[3]), argv[4], argv[5], argv[6]));
+ } else if (subcommand == "add_user_key_auth") {
+ if (!check_argc(cli, subcommand, argc, 6, "<user> <serial> <token> <secret>")) return 0;
+ return sendGenericOkFailOnBool(cli, e4crypt_add_user_key_auth(
+ atoi(argv[2]), atoi(argv[3]), argv[4], argv[5]));
+
+ } else if (subcommand == "fixate_newest_user_key_auth") {
+ if (!check_argc(cli, subcommand, argc, 3, "<user>")) return 0;
+ return sendGenericOkFailOnBool(cli, e4crypt_fixate_newest_user_key_auth(atoi(argv[2])));
} else if (subcommand == "unlock_user_key") {
if (!check_argc(cli, subcommand, argc, 6, "<user> <serial> <token> <secret>")) return 0;
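Review bot: The new `add_user_key_auth` and `fixate_newest_user_key_auth` branches convert the user id and serial with `atoi(argv[2])` / `atoi(argv[3])`, which returns 0 for non-numeric text. A malformed `<user>` would therefore silently apply the key operation to user 0 instead of being rejected. Parsing with `strtol`, checking the end pointer and range, and replying `ResponseCode::CommandSyntaxError` on failure would make these credential-changing commands fail closed; the unchanged `destroy_user_key` line above has the same pattern. `<token>` and `<secret>` arrive as plain argv strings, so it is worth confirming that no logging path prints them. The hunk is cut inside the `if`/`else` chain, so the rest of `unlock_user_key` is not visible.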
return sendGenericOkFailOnBool(cli,
e4crypt_destroy_user_storage(parseNull(argv[2]), atoi(argv[3]), atoi(argv[4])));
- } else if (subcommand == "ensure_policy") {
- if (!check_argc(cli, subcommand, argc, 4, "<dir> <policy>")) return 0;
+ } else if (subcommand == "secdiscard") {
+ if (!check_argc(cli, subcommand, argc, 3, "<path>")) return 0;
return sendGenericOkFailOnBool(cli,
- e4crypt_hex_policy_ensure(argv[2], argv[3]));
+ e4crypt_secdiscard(parseNull(argv[2])));
} else {
dumpArgs(argc, argv, -1);